Full Disclosure mailing list archives
RE: Potentially new Virus
From: "Mike" <mjcarter () ihug co nz>
Date: Wed, 26 Nov 2003 21:53:40 +1300
Hi Anthony,

I have tried that and it now works when searching in Sophos with this "Hello my dear Mary" but it didn't yesterday, I know that just means they didn't have a name or didn't have detection for it when I did the search.

And I did notice that searching Symantec with "Hello my dear Mary" today now returns a good result: Backdoor.Sysbug which is AKA BackDoor-CAG, Troj/Sysbug-A. Using that search at NAI returns nothing and using it at Trend returns 500 results?? I don't have time to go through all that.

My wish is to be able to search by characteristics using criteria like msg body, subject, ports used, reg changes, dropped files, whatever else you can think of... etc etc etc without having to wade through pages of crap. I guess what I'm asking for is a database of virus characteristics that would probably need to be independent of av vendors because, after all, they are in the business to make money. I'm probably asking too much.

Regards
Mike

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Anthony Aykut
Sent: Tuesday, November 25, 2003 9:19 PM
To: Mike; Tireman; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Potentially new Virus

Try Sophos - www.sophos.com
http://www.sophos.com/virusinfo/analyses/trojsysbuga.html

Thanks,
Anthony Aykut
Frame4 Security Systems
Your Partner in IT Security
http://www.frame4.com/
Tel/Fax : +31(0)172-515901
Mobile : +31(0)651-491507

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Mike
Sent: Tuesday, November 25, 2003 08:15
To: Tireman; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Potentially new Virus

Hi Andrew,

The message body does ring a bell, but I don't remember what the virus is. I searched many different anti-virus vendor sites and googled.

Which brings me to this question: why is it so damn hard for us to search for info on viruses by subject, msg body, or/and symptoms??? It gets really frustrating when you recognize certain characteristics of a virus but can't search for them!! Is there a service I'm unaware of?

Thanks
Mike

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Tireman
Sent: Tuesday, November 25, 2003 6:57 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Potentially new Virus

Has anyone come across a virus with the following message body and attached a file called 'Private.zip' which unzips to wendynaked.jpg.exe

I couldn't find any info on Symantec's security response site or Google either.

Message Body:
----- Start ---
Hello my dear Mary, I have been thinking about you all night. I would like to apologize for the other night when we made beautiful love and did not use condoms. I know this was a mistake and I beg you to forgive me. I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean. I love you with all my heart, James.

Andrew
----- End ----
--
(6) It is easier to move a problem around (for example, by moving the problem to a different part of the overall network architecture) than it is to solve it.
(6a) (corollary). It is always possible to add another level of indirection.
-- RFC 1925

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
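Mike's request in the thread above is for a virus database that can be queried by observable characteristics (message body, subject, attachment names, ports, registry changes, dropped files) rather than by vendor name. As an added example that is not part of the thread or of any vendor's product, the Python below sketches such an index: the first record reuses only the names and text quoted in the messages (Backdoor.Sysbug and its aliases BackDoor-CAG and Troj/Sysbug-A, the "Hello my dear Mary" body, Private.zip unzipping to wendynaked.jpg.exe) and leaves its port, registry and dropped-file fields empty because the thread gives none; the second record and every value in it are made up so that queries have something to exclude. It also includes a check for the double-extension disguise Tireman describes (a picture-like name ending in an executable extension); the extension lists in that check are a small constructed sample, not a complete set.

```python
"""Added example: a small searchable index of virus characteristics.

Not code from the thread. Sample records: the first uses names and text
quoted in the messages above, the second is entirely constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Characteristics:
    """One write-up, keyed by the traits a responder can actually observe."""
    name: str
    aliases: List[str] = field(default_factory=list)
    subject: Optional[str] = None
    body_phrases: List[str] = field(default_factory=list)
    attachments: List[str] = field(default_factory=list)   # names as delivered
    dropped_files: List[str] = field(default_factory=list)
    ports: List[int] = field(default_factory=list)
    registry_keys: List[str] = field(default_factory=list)


DATABASE = [
    Characteristics(                       # names/text quoted in the thread
        name="Backdoor.Sysbug",
        aliases=["BackDoor-CAG", "Troj/Sysbug-A"],
        body_phrases=["Hello my dear Mary", "Please look in the attachment"],
        attachments=["Private.zip", "wendynaked.jpg.exe"],
    ),
    Characteristics(                       # hypothetical record, constructed
        name="Example.Placeholder",
        subject="Invoice attached",
        body_phrases=["please find attached your invoice"],
        attachments=["invoice.pdf.scr"],
        dropped_files=[r"C:\example\placeholder.exe"],
        ports=[4444],
        registry_keys=[r"HKCU\Software\Example\Run"],
    ),
]


def _norm(text: str) -> str:
    """Case-insensitive, whitespace-collapsed form used for every comparison."""
    return " ".join(text.lower().split())


def _text_matches(query: str, candidates: List[str]) -> bool:
    """True if the query contains, or is contained in, any stored phrase,
    so a pasted fragment of a message body still finds the record."""
    q = _norm(query)
    return any(_norm(c) in q or q in _norm(c) for c in candidates)


def search(database, *, body=None, subject=None, attachment=None,
           dropped=None, port=None, registry=None):
    """Return records matching every criterion supplied (AND semantics)."""
    hits = []
    for rec in database:
        if body is not None and not _text_matches(body, rec.body_phrases):
            continue
        if subject is not None and not (rec.subject and _text_matches(subject, [rec.subject])):
            continue
        if attachment is not None and not _text_matches(attachment, rec.attachments):
            continue
        if dropped is not None and not _text_matches(dropped, rec.dropped_files):
            continue
        if port is not None and port not in rec.ports:
            continue
        if registry is not None and not _text_matches(registry, rec.registry_keys):
            continue
        hits.append(rec)
    return hits


def lookup_alias(database, alias: str):
    """Resolve a vendor-specific name (e.g. Troj/Sysbug-A) to its record."""
    target = _norm(alias)
    for rec in database:
        if target == _norm(rec.name) or target in [_norm(a) for a in rec.aliases]:
            return rec
    return None


# Double-extension disguise such as wendynaked.jpg.exe: a benign-looking
# extension immediately followed by an executable one (sample lists only).
DISGUISED = re.compile(r"\.(jpe?g|gif|png|pdf|doc|txt)\.(exe|scr|pif|com|bat)$", re.I)


def is_disguised_executable(filename: str) -> bool:
    return DISGUISED.search(filename) is not None


if __name__ == "__main__":
    for rec in search(DATABASE, body="Hello my dear Mary, I have been thinking about you"):
        print(rec.name, rec.aliases)
    print(is_disguised_executable("wendynaked.jpg.exe"))
```

Matching is deliberately loose (substring in either direction, case-insensitive) because the person querying usually has only a fragment of the lure text; criteria combine with AND so that adding a port or registry key narrows the result instead of drowning it in the "500 results" Mike complains about.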
Current thread:
- Potentially new Virus Tireman (Nov 24)
- RE: Potentially new Virus Mike (Nov 24)
- RE: Potentially new Virus Anthony Aykut (Nov 25)
- RE: Potentially new Virus Mike (Nov 26)
- RE: Potentially new Virus Anthony Aykut (Nov 25)
- Re: Potentially new Virus Valdis . Kletnieks (Nov 25)
- Re: Potentially new Virus madsaxon (Nov 25)
- Re: Potentially new Virus Tireman (Nov 25)
- RE: Potentially new Virus Arcturus (Nov 25)
- <Possible follow-ups>
- Re: Potentially new Virus Paul Szabo (Nov 25)
- Re: Potentially new Virus Andreas Gietl (Nov 25)
- FW: Potentially new Virus Andy Streule (Nov 26)
- Re: Potentially new Virus Feher Tamas (Nov 28)
- RE: Potentially new Virus Mike (Nov 24)